
I'm studying the Metasploit exploit vnc_keyboard_exec, and I was wondering where the function cmd_psh_payload (line 141) is defined.

So I grepped through the msf/core directory on my Kali machine and found it in /msf/core/exploit/powershell.rb.

So I placed a print_status("aaaa") just before the call to cmd_psh_payload in the exploit file and a print_status("bbb") at the beginning of the function (in powershell.rb), and ran the exploit (in a virtual training lab), but only "aaaa" was printed.

I've looked for the definition of this function elsewhere on my machine, but can't find it. So maybe the function is not called, but why would it be? I'm really stuck here and can't figure out what to do.

Thanks for your support

storm
Stephane
  • Just a tip: I am not a Ruby or Metasploit expert, but maybe your second print_status works and just doesn't print on the same interface (e.g. a different stdout / interface). Maybe try to execute something else (touch a file or something). – ack__ Aug 25 '16 at 11:47

2 Answers


You've made code changes to the Powershell mixin, but for the changes to kick in, you need to reload it. And reloading the module will not reload the mixins it depends on.

You need to:

  • Either restart msfconsole

  • Or at the beginning of your module, add this line:

load "./lib/msf/core/exploit/powershell.rb"

And then when you do either reload or rerun, the code changes from the mixin will reapply.

BTW, you are actually better off asking Metasploit questions at: https://community.rapid7.com/community/metasploit

Because there are Metasploit devs there answering questions.

sinn3r

You could try typing 'irb' into msfconsole. This will get you an interactive Ruby shell where you can try the function by itself and debug this issue further.

Also here are the docs for the function you mention.

J.A.K.
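The mechanism behind both answers, as an added example that is not part of the original question or answers and does not use Metasploit itself: Ruby's `require` only executes a file the first time its path is seen (it is recorded in `$LOADED_FEATURES`), so re-running an exploit file whose `require` pulls in an already-loaded mixin never re-reads the edited mixin, while `load` executes the file unconditionally and redefines its methods in place for every class that already included it. The block also shows the `method(...).source_location` check you can run from msfconsole's irb to see which file and line a method such as cmd_psh_payload actually comes from. `FakePowershell`, the temp file name and the "mixin vN" strings are constructed for this demo, not real Metasploit code.

```ruby
require 'tmpdir'
require 'fileutils'

# Write version N of a stand-in mixin to +path+. Bumping the version simulates
# editing lib/msf/core/exploit/powershell.rb (e.g. adding a print_status at the
# top of cmd_psh_payload). FakePowershell is a constructed name, not a real
# Metasploit module.
def write_mixin(path, version)
  File.write(path, <<~RUBY)
    module FakePowershell
      def cmd_psh_payload
        "mixin v#{version}"
      end
    end
  RUBY
end

# What re-running the exploit's own file does for its mixin: `require` is a
# no-op once the path is in $LOADED_FEATURES, so nothing is re-read.
# Returns false on the second and later calls.
def require_mixin(path)
  require path
end

# What the first answer recommends: `load` executes the file unconditionally
# and redefines the mixin's methods in place. Returns true.
def load_mixin(path)
  load path
end

# Walk through the edit / require / load sequence and return what each step
# observed, keyed by step name.
def run_demo
  dir  = Dir.mktmpdir('mixin_reload_demo')
  path = File.join(dir, 'fake_powershell.rb')
  results = { path: path }

  write_mixin(path, 1)
  results[:first_require] = require_mixin(path)      # true: first time loaded

  # An "exploit" class that mixes in the module, like an msf exploit that
  # does `include Msf::Exploit::Powershell`.
  exploit = Class.new { include FakePowershell }.new
  results[:before_edit] = exploit.cmd_psh_payload    # "mixin v1"

  write_mixin(path, 2)                               # edit the mixin on disk
  results[:require_after_edit] = require_mixin(path) # false: already loaded
  results[:after_require] = exploit.cmd_psh_payload  # still "mixin v1"

  results[:load_after_edit] = load_mixin(path)       # true: file re-executed
  results[:after_load] = exploit.cmd_psh_payload     # "mixin v2"

  # The irb check: where is this method really defined? [file, line]
  results[:defined_in] = exploit.method(:cmd_psh_payload).source_location

  results
ensure
  FileUtils.remove_entry(dir) if dir
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |step, value| puts "#{step}: #{value.inspect}" }
end
```

In msfconsole the same check is `irb`, then `method(:cmd_psh_payload).source_location` on an instance of the loaded exploit; if it points at the powershell.rb you edited, the missing "bbb" is a reload problem rather than a wrong file.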